Buffer Overflow Vulnerability in Sielco Sistemi Winlog Pro and Winlog Lite SCADA

Buffer Overflow Vulnerability in Sielco Sistemi Winlog Pro and Winlog Lite SCADA

CVE-2012-4355 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted negative integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4354.

Learn more about our Web Application Penetration Testing UK.